diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c
index 9198a8bfbc..4db3730972 100644
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@@ -1934,7 +1934,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
    * we were unable to resolve it previously. The endpoint address is passed
    * in order to make sure to never consider an address that is the same as
    * our endpoint. */
-  relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr);
+  relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr,
+                               identity_digest);
 
   if (! chan->conn->handshake_state->sent_netinfo) {
     /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c
index 699eb7e380..28b5985bb8 100644
--- a/src/feature/relay/relay_find_addr.c
+++ b/src/feature/relay/relay_find_addr.c
@@ -55,12 +55,14 @@ router_guess_address_from_dir_headers(uint32_t *guess)
  * passes. */
 void
 relay_address_new_suggestion(const tor_addr_t *suggested_addr,
-                             const tor_addr_t *peer_addr)
+                             const tor_addr_t *peer_addr,
+                             const char *identity_digest)
 {
   const or_options_t *options = get_options();
 
   tor_assert(suggested_addr);
   tor_assert(peer_addr);
+  tor_assert(identity_digest);
 
   /* This should never be called on a non Tor relay. */
   if (BUG(!server_mode(options))) {
@@ -68,8 +70,9 @@ relay_address_new_suggestion(const tor_addr_t *suggested_addr,
   }
 
   /* Is the peer a trusted source? Ignore anything coming from non trusted
-   * source. In this case, we only look at trusted authorities. */
-  if (!router_addr_is_trusted_dir(peer_addr)) {
+   * source. In this case, we only look at trusted directory authorities. */
+  if (!router_addr_is_trusted_dir(peer_addr) ||
+      !router_digest_is_trusted_dir(identity_digest)) {
     return;
   }
 
diff --git a/src/feature/relay/relay_find_addr.h b/src/feature/relay/relay_find_addr.h
index d856e706ea..6f298e6c79 100644
--- a/src/feature/relay/relay_find_addr.h
+++ b/src/feature/relay/relay_find_addr.h
@@ -16,7 +16,8 @@ void router_new_address_suggestion(const char *suggestion,
                                    const dir_connection_t *d_conn);
 
 void relay_address_new_suggestion(const tor_addr_t *suggested_addr,
-                                  const tor_addr_t *peer_addr);
+                                  const tor_addr_t *peer_addr,
+                                  const char *identity_digest);
 
 #ifdef RELAY_FIND_ADDR_PRIVATE